#! /bin/sh /usr/share/dpatch/dpatch-run
## 19-fix_tls_errormessage.dpatch by Sven Mueller <debian@incase.de>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Make TLS/SSL error message more informative

@DPATCH@
--- cyrus-imapd-2.4.orig/imap/tls.c
+++ cyrus-imapd-2.4/imap/tls.c
@@ -172,7 +172,7 @@ int tls_enabled(void)
  * tim - this seems to just be giving logging messages
  */
 
-static void apps_ssl_info_callback(SSL * s, int where, int ret)
+static void apps_ssl_info_callback(const SSL * s, int where, int ret)
 {
     char   *str;
     int     w;
@@ -705,7 +705,7 @@ int     tls_init_serverengine(const char
     s_key_file = config_getstring(IMAPOPT_TLS_KEY_FILE);
 
     if (!set_cert_stuff(s_ctx, s_cert_file, s_key_file)) {
-	syslog(LOG_ERR,"TLS server engine: cannot load cert/key data");
+	syslog(LOG_ERR,"TLS server engine: cannot load cert/key data, may be a cert/key mismatch?");
 	return (-1);
     }
     SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
@@ -1259,7 +1259,7 @@ int tls_init_clientengine(int verifydept
     
     if (c_cert_file || c_key_file) {
 	if (!set_cert_stuff(c_ctx, c_cert_file, c_key_file)) {
-	    syslog(LOG_ERR,"TLS client engine: cannot load cert/key data");
+	    syslog(LOG_ERR,"TLS client engine: cannot load cert/key data, may be a cert/key mismatch?");
 	    return (-1);
 	}
     }
--- cyrus-imapd-2.4.orig/imtest/imtest.c
+++ cyrus-imapd-2.4/imtest/imtest.c
@@ -65,6 +65,7 @@
 
 #include <limits.h>
 #include <unistd.h>
+#include <ctype.h>
 
 #include <netinet/in.h>
 #include <sys/un.h>
@@ -428,7 +429,7 @@ static RSA *tmp_rsa_cb(SSL * s __attribu
  * tim - this seems to just be giving logging messages
  */
 
-static void apps_ssl_info_callback(SSL * s, int where, int ret)
+static void apps_ssl_info_callback(const SSL * s, int where, int ret)
 {
     char   *str;
     int     w;
@@ -541,7 +542,7 @@ static int tls_init_clientengine(int ver
     
     if (c_cert_file || c_key_file)
 	if (!set_cert_stuff(tls_ctx, c_cert_file, c_key_file)) {
-	    printf("TLS engine: cannot load cert/key data\n");
+	    printf("TLS engine: cannot load cert/key data, maybe a cert/key mismatch?\n");
 	    return IMTEST_FAIL;
 	}
     SSL_CTX_set_tmp_rsa_callback(tls_ctx, tmp_rsa_cb);
--- cyrus-imapd-2.4.orig/lib/imclient.c
+++ cyrus-imapd-2.4/lib/imclient.c
@@ -1731,7 +1731,7 @@ static int tls_init_clientengine(struct
 
     if (c_cert_file || c_key_file)
 	if (!set_cert_stuff(imclient->tls_ctx, c_cert_file, c_key_file)) {
-	    printf("[ TLS engine: cannot load cert/key data ]\n");
+	    printf("[ TLS engine: cannot load cert/key data, might be a cert/key mismatch]\n");
 	    return -1;
 	}
     SSL_CTX_set_tmp_rsa_callback(imclient->tls_ctx, tmp_rsa_cb);
